From 1c6d21e4e66f00c34082e1a60d12d2cda593b0d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20=C3=96sterreicher?= Date: Fri, 15 Feb 2013 11:13:21 +0000 Subject: [PATCH] - Autocomplete Plugin durch JQuery UI Autocomplete ersetzt - Hardcodierte URL ersetzt - Security Fixes --- .../reihungstest_administration.php | 60 ++++++++++++------- 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/vilesci/stammdaten/reihungstest_administration.php b/vilesci/stammdaten/reihungstest_administration.php index ce4d74139..636b7a230 100644 --- a/vilesci/stammdaten/reihungstest_administration.php +++ b/vilesci/stammdaten/reihungstest_administration.php @@ -43,7 +43,7 @@ $datum_obj = new datum(); if(isset($_REQUEST['autocomplete']) && $_REQUEST['autocomplete']=='prestudent') { - $search=trim((isset($_REQUEST['q']) ? $_REQUEST['q']:'')); + $search=trim((isset($_REQUEST['term']) ? $_REQUEST['term']:'')); if (is_null($search) ||$search=='') exit(); $qry = "SELECT @@ -62,10 +62,17 @@ if(isset($_REQUEST['autocomplete']) && $_REQUEST['autocomplete']=='prestudent') "; if($result = $db->db_query($qry)) { + $result_obj = array(); while($row = $db->db_fetch_object($result)) { - echo html_entity_decode($row->vorname).' '.html_entity_decode($row->nachname).'|'.html_entity_decode($row->stg).'|'.html_entity_decode($row->status).'|'.html_entity_decode($row->prestudent_id)."\n"; + $item['vorname']=html_entity_decode($row->vorname); + $item['nachname']=html_entity_decode($row->nachname); + $item['stg']=html_entity_decode($row->stg); + $item['status']=html_entity_decode($row->status); + $item['prestudent_id']=html_entity_decode($row->prestudent_id); + $result_obj[]=$item; } + echo json_encode($result_obj); } exit; } @@ -82,9 +89,10 @@ echo ' + - +
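Review bot: In the `@@ -43` hunk the `is_null($search)` test on the line after the changed one can never be true, because `trim()` always returns a string; `if ($search === '') exit();` is the whole check. `$search` is presumably interpolated into the `$qry` SELECT that begins at the end of this hunk and continues outside it, and I cannot see from here whether it goes through `$db->db_add_param()` the way the values in the `@@ -443` hunk now do — `term` is caller-controlled, so it should. Reading it from `$_GET['term']` rather than `$_REQUEST` would also match how the jQuery UI `source` URL sends it.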
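Review bot: The new JSON branch in the `@@ -62` hunk sets no content type, so the response goes out as text/html; add `header('Content-Type: application/json; charset=utf-8');` before the `echo json_encode($result_obj);` line. `json_encode()` returns `false` when any of the decoded fields is not valid UTF-8, and `echo false` then prints an empty body that the client fails to parse silently, so check the return value before echoing. `$item` is never reset between iterations — harmless while every key is assigned on each row, but `$item = array();` at the top of the loop body would make that explicit.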

Reihungstest - Administration

'; @@ -110,8 +118,8 @@ if(isset($_POST['personzuteilen'])) } } //Links -echo '
Auswertung | - Fragenkatalog
+echo '
Auswertung | + Fragenkatalog

'; //Anzeigen der kommenden Reihungstesttermine: echo '
Anzeigen der kommenden Reihungstests'; @@ -376,18 +384,24 @@ function formatItem(row) { return row[0] + ' ' + row[1] + ' ' + row[2] + ' ' + row[3]; } - -$('#prestudent_name').autocomplete('reihungstest_administration.php', - { - minChars:2, - matchSubset:1,matchContains:1, - width:500, - formatItem:formatItem, - extraParams:{'autocomplete':'prestudent' - } - }).result(function(event, item) { - $('#prestudent_id').val(item[3]); - }); +$('#prestudent_name').autocomplete({ + source: 'reihungstest_administration.php?autocomplete=prestudent', + minLength:2, + response: function(event, ui) + { + //Value und Label fuer die Anzeige setzen + for(i in ui.content) + { + ui.content[i].value=ui.content[i].vorname+' '+ui.content[i].nachname+' '+ui.content[i].stg+' '+ui.content[i].status+' '+ui.content[i].prestudent_id; + ui.content[i].label=ui.content[i].vorname+' '+ui.content[i].nachname+' '+ui.content[i].stg+' '+ui.content[i].status+' '+ui.content[i].prestudent_id; + } + }, + select: function(event, ui) + { + //Ausgeaehlte Ressource zuweisen und Textfeld wieder leeren + $('#prestudent_id').val(ui.item.prestudent_id); + } + }); "; 
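Review bot: `for(i in ui.content)` in the new `response` callback leaks `i` as an implicit global and, being a `for…in` over an array, also visits any enumerable properties added to `Array.prototype`; use an index loop, `for (var i = 0; i < ui.content.length; i++)`. The `label` and `value` strings are built twice from the identical expression — compute it once into a local and assign both. The comment on the `select` handler says the text field is cleared again, but the handler only sets `#prestudent_id`; either clear `#prestudent_name` there or fix the comment. `formatItem` just above is no longer referenced after this change and can be dropped. The decoded names are rendered by jQuery UI's default item renderer as text, so no escaping is needed here unless a custom `_renderItem` not visible in this hunk inserts them as HTML.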
@@ -443,20 +457,20 @@ $qry="SELECT levelgleichverteilung, maxpunkte, antwortenprozeile, - (SELECT SUM (zeit) AS sum FROM testtool.tbl_gebiet JOIN testtool.tbl_ablauf USING (gebiet_id) WHERE studiengang_kz='".$studiengang_kz."'"; + (SELECT SUM (zeit) AS sum FROM testtool.tbl_gebiet JOIN testtool.tbl_ablauf USING (gebiet_id) WHERE studiengang_kz=".$db->db_add_param($studiengang_kz, FHC_INTEGER); if ($semester!='') - $qry.=" AND semester='".$semester."'"; + $qry.=" AND semester=".$db->db_add_param($semester, FHC_INTEGER); $qry.=" ) AS gesamtzeit, - (SELECT SUM (zeit) AS sum FROM testtool.tbl_gebiet JOIN testtool.tbl_ablauf USING (gebiet_id) WHERE studiengang_kz='".$studiengang_kz."'"; + (SELECT SUM (zeit) AS sum FROM testtool.tbl_gebiet JOIN testtool.tbl_ablauf USING (gebiet_id) WHERE studiengang_kz=".$db->db_add_param($studiengang_kz, FHC_INTEGER); if ($semester!='') - $qry.=" AND semester='".$semester."'"; + $qry.=" AND semester=".$db->db_add_param($semester, FHC_INTEGER); $qry.=" )-'00:40:00'::time without time zone AS gesamtzeit_persoenlichkeit FROM testtool.tbl_ablauf JOIN testtool.tbl_gebiet USING (gebiet_id) JOIN public.tbl_studiengang USING (studiengang_kz) - WHERE studiengang_kz='".$studiengang_kz."'"; + WHERE studiengang_kz=".$db->db_add_param($studiengang_kz, FHC_INTEGER); if ($semester!='') - $qry.=" AND semester='".$semester."'"; + $qry.=" AND semester=".$db->db_add_param($semester, FHC_INTEGER); $qry.=" ORDER BY stg,semester,reihung";